Vulnerabilities > Microsoft > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-17 | CVE-2019-0624 | Cross-site Scripting vulnerability in Microsoft Skype for Business 2015 A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a specially crafted request, aka "Skype for Business 2015 Spoofing Vulnerability." This affects Skype. | 5.4 |
| 2019-01-08 | CVE-2019-0622 | Improper Authentication vulnerability in Microsoft Skype 8.35 An elevation of privilege vulnerability exists when Skype for Andriod fails to properly handle specific authentication requests, aka "Skype for Android Elevation of Privilege Vulnerability." This affects Skype 8.35. | 4.6 |
| 2019-01-08 | CVE-2019-0588 | Incorrect Permission Assignment for Critical Resource vulnerability in Microsoft Exchange Server An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than intended, aka "Microsoft Exchange Information Disclosure Vulnerability." This affects Microsoft Exchange Server. | 6.5 |
| 2019-01-08 | CVE-2019-0569 | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 5.5 |
| 2019-01-08 | CVE-2019-0562 | Unspecified vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. | 5.4 |
| 2019-01-08 | CVE-2019-0561 | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists when Microsoft Word macro buttons are used improperly, aka "Microsoft Word Information Disclosure Vulnerability." This affects Microsoft Word, Office 365 ProPlus, Microsoft Office, Word. | 5.5 |
| 2019-01-08 | CVE-2019-0560 | Unspecified vulnerability in Microsoft Office, Office 365 Proplus and Outlook An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office. | 5.5 |
| 2019-01-08 | CVE-2019-0559 | Unspecified vulnerability in Microsoft Office, Office 365 Proplus and Outlook An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. | 6.5 |
| 2019-01-08 | CVE-2019-0558 | Cross-site Scripting vulnerability in Microsoft Business Productivity Servers and Sharepoint Server A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint, Microsoft Business Productivity Servers. | 5.4 |
| 2019-01-08 | CVE-2019-0557 | Cross-site Scripting vulnerability in Microsoft Sharepoint Server 2016 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint. | 5.4 |